Indeed! M$ has never been much of a fan of security and, what they do, they reinvent (or ... well, I won't get into their business ethics) how to do things (just to remain incompatible, I believe) so they won't use the standard encryption for passwords.

Oh, well, here are some Google searches of use to you: apache password protect directory and apache password generator which give you [Authentication, Authorization and Access Control and [url=http://web9.2020media.com/other/htpasswd.jsp]Apache Password Generator](http://httpd.apache.org/docs/2.0/howto/auth.html).

Regards,

DK

andre_nn
—
2010-07-07T09:21:55Z —
#6

dklynn said:

Andre,I'm NOT much help in this regard as I'm on a WinDoze box as a test server but leave all this to cPanel on the production server. cPanel takes all the pain out of this process so I've gotten lazy (lazier? :lol: ) in my old age.

Regards,

DK

There WinDoze - there is a problem, yes? (((

Check the binding client certificates to accounts on the old Linux RH (I have no other :))

andre_nn
—
2010-07-07T08:58:51Z —
#7

Hello from Russia!!!

From Russia with love!

Thank you for your answers and help!

dklynn said:

Andre,

From memory (rusty now, of course), that should ask you for the title of the password window Apache will present as well as the location of the username : password file. From memory (again), Windows does NOT create that file properly so you'll

need to look for an application online which can create the passwords for you in the proper format (those pages will normally also provide a full documentation on how to create, store and use the password protection scheme).

hmmmm... All Internet searched ... no solution (((I will continue to look...

andre_nn
—
2010-07-16T14:10:58Z —
#8

All rechecked. Amended. Now people in the client certificate authentication is automatic (I do not have such)

FakeBasicAuthWhen this option is enabled, the Subject Distinguished Name (DN) of the Client X509 Certificate is translated into a HTTP Basic Authorization username. This means that the standard Apache authentication methods can be used for access control. The user name is just the Subject of the Client's X509 Certificate (can be determined by running OpenSSL's openssl x509 command: openssl x509 -noout -subject -in certificate.crt). Note that no password is obtained from the user. Every entry in the user file needs this password: xxj31ZMTZzkVA'', which is the DES-encrypted version of the word `password''. Those who live under MD5-based encryption (for instance under FreeBSD or BSD/OS, etc.) should use the following MD5 hash of the same word: $1$OXLyS...$Owx8s2/m9/gfkcRVXzgoE/''.

dklynn
—
2010-07-05T21:09:33Z —
#11

Andre,

From memory (rusty now, of course), that should ask you for the title of the password window Apache will present as well as the location of the username : password file. From memory (again), Windows does NOT create that file properly so you'll need to look for an application online which can create the passwords for you in the proper format (those pages will normally also provide a full documentation on how to create, store and use the password protection scheme).

I'm NOT much help in this regard as I'm on a WinDoze box as a test server but leave all this to cPanel on the production server. cPanel takes all the pain out of this process so I've gotten lazy (lazier? :lol: ) in my old age.

Regards,

DK

andre_nn
—
2010-07-05T14:06:22Z —
#12

Hello dklynn!

In my case, what should I enter in the authorization window?

andre_nn
—
2010-07-12T15:10:49Z —
#13

dklynn said:

Andre,Congratulations!

Thank you! Without your help I would have understood with one error - authentication failure for "/"

dklynn said:

Frankly, I don't believe I've been very useful to you because I'm just not "up" on this dealing directly with Apache (cPanel is my "crutch").

I understand you. If you have any ideas, then write. I'll wait.

dklynn said:

I'm a bit concerned with "FakeBasicAuth", though. Try a search at apache.org for that before going to Google for information as that's what I'd have to do.

I have not found an answer. I will look further.Thanks again for your help!

Regards,

Andre

andre_nn
—
2010-07-02T15:02:07Z —
#14

I could not find information on CN: (Can or not to register the IP address in CN?

Please do not worry about the language (other than that English use is required). I remember almost nothing of my university Russian, high school French or my junior high (middle school?) Latin. In other words, your English is much better than my {any other human language}.

Now, to your question: Although I insist on a Linux box for a production server, I rely on WHM/cPanel to deal with the (signed) Secure Server Certificates as well as password protecting directories. Of course, I supplement each with both mod_rewrite and PHP scripts to ensure that "secure" pages are processed via SSL and "casual" pages are not.

Because it's after midnight (and I'm up to my ears in preparing taxes), I can't go research at Apache.org but it's my feeling that you're making it more complicated than necessary: Use the Secure Server Certificate to have your pages encrypted and use password protected directories deal with the directory permissions.

I'm not sure what "certificates" you're talking about but either issue another password to them OR use SESSIONs. I've found them to be particularly powerful as you can assign "levels" to the data you store in their sessions (via login) which can be used as passkeys to various scripts.

Regards,

DK

Thank you for your reply! This question is asked in different forums and only you responded. My English is not very good. I would be grateful if you would write in simple language.

When you create a certificate, you can write in commonName IP-address?

If I disconnect «SSLOptions FakeBasicAuth» (#SSLOptions FakeBasicAuth), then everything works. But in this decision is not binding the certificate to the user account.

andre_nn
—
2010-07-02T11:12:55Z —
#18

File "C: / passwd" contains

andre_nn
—
2010-07-02T11:25:42Z —
#19

I pass the certificate validation and get login screen, but authentication can not pass. In the logs I receive an error: